package com.zhuyuan.security.config;

import com.zhuyuan.core.constant.Oauth2Constants;
import com.zhuyuan.redis.RedisService;
import com.zhuyuan.security.filter.FeignInternalTrustFilter;
import com.zhuyuan.security.filter.JwtAuthenticationFilter;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;


/**
 * @description: 资源服务配置
 * @author: 张琳凯
 * @date: 2025/2/17 22:54
 **/
@EnableResourceServer // 开启资源服务器校验
@Configuration
@RequiredArgsConstructor
public class SecurityResourceServerConfig extends ResourceServerConfigurerAdapter {
    private final RedisService redisService;
    /**
     * 放行和认证规则
     */
    @Override
    @SneakyThrows
    public void configure(HttpSecurity httpSecurity) {
        httpSecurity.headers().frameOptions().disable();
        httpSecurity.addFilterBefore(new JwtAuthenticationFilter(tokenStore(),redisService), UsernamePasswordAuthenticationFilter.class);
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                httpSecurity.authorizeRequests();
        registry.and().addFilterBefore(new FeignInternalTrustFilter(), UsernamePasswordAuthenticationFilter.class);
        // 放行白名单接口
//        registry.antMatchers(Convert.toStrArray(serverResourceSecurityProperties.getIgnoreUrls())).permitAll();
        registry.antMatchers("/auth/test","/auth/login","/auth/code").permitAll();
        registry.anyRequest().authenticated()
                .and().csrf().disable();
    }

    @Bean
    public TokenStore tokenStore() {
        return  new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(Oauth2Constants.SIGNING_KEY);
        return converter;
    }

}
